Microsoft Security Updates - Patches for five Zero-Day Vulnerabilities and three Critical Vulnerabilities

Microsoft has released security updates for November 2023. This month's patches include security updates for five zero-day vulnerabilities, three of which are exploited in attacks.

The three actively exploited zero-day vulnerabilities are:

CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

An attacker who successfully exploits this vulnerability in the Windows Cloud Files Mini Filter Driver gains SYSTEM privileges.

It is not known how the flaw was abused in attacks or by what threat actor.

CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited and publicly disclosed Windows DWM Core Library vulnerability that can be used to elevate privileges to SYSTEM.

CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited Windows SmartScreen flaw that allows a malicious Internet Shortcut to bypass security checks and warnings.

How the vulnerability can be exploited:


The two other publicly disclosed zero-day vulnerabilities are:

CVE-2023-36413 – Microsoft Office Security Feature Bypass Vulnerability

Exploiting this vulnerability bypasses protected mode when opening a file received via the web.

CVE-2023-36038 – ASP.NET Core Denial of Service Vulnerability

A denial of service vulnerability in ASP.NET Core.


We would also like you to prioritize three more vulnerabilities that have the severity “Critical”:

CVE-2023-36397 – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

An attacker could exploit this vulnerability in Windows Pragmatic General Multicast (PGM) by sending a specially crafted file over the network, potentially allowing them to execute malicious code remotely on the targeted machine.

CVE-2023-36400 – Windows HMAC Key Derivation Elevation of Privilege Vulnerability

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

A successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest’s security boundary to execute code on the Hyper-V host execution environment.

CVE-2023-36052 – Azure CLI REST Command Information Disclosure Vulnerability

An attacker who successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions.

Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions.
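
A host-side check for the CVE-2023-36052 guidance above, as an added example that is not part of the original advisory or of Microsoft's tooling: it reads the JSON printed by `az version` and compares the `azure-cli` value with 2.53.1. The function names are illustrative, and the fallback JSON is a constructed sample used only when `az` is not installed.

```shell
#!/bin/sh
# Added example: compare the installed Azure CLI with the fixed release
# named in the advisory for CVE-2023-36052.
MIN_FIXED="2.53.1"

# Succeeds when dotted numeric version $1 >= $2. Components are compared as
# integers, so 2.100.0 ranks above 2.53.1 (a plain string compare would not).
version_ge() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca=${va%%.*} cb=${vb%%.*}
        ca=${ca:-0} cb=${cb:-0}          # a missing component counts as 0
        if [ "$ca" -gt "$cb" ]; then return 0; fi
        if [ "$ca" -lt "$cb" ]; then return 1; fi
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 0
}

# Reads `az version` JSON on stdin and prints the "azure-cli" value.
# The exact key match skips "azure-cli-core" and "azure-cli-telemetry".
extract_cli_version() {
    sed -n 's/.*"azure-cli":[[:space:]]*"\([0-9][0-9.]*\)".*/\1/p' | head -n 1
}

# Prints a verdict; returns 0 = fixed, 1 = below fixed release, 2 = unparsable.
assess_azure_cli() {
    found=$(extract_cli_version)
    if [ -z "$found" ]; then
        echo "unknown: no azure-cli version in input"
        return 2
    fi
    if version_ge "$found" "$MIN_FIXED"; then
        echo "ok: azure-cli $found >= $MIN_FIXED"
    else
        echo "vulnerable: azure-cli $found < $MIN_FIXED"
        return 1
    fi
}

if command -v az >/dev/null 2>&1; then
    az version 2>/dev/null | assess_azure_cli || echo "action: upgrade Azure CLI" >&2
else
    # Constructed sample of `az version` output, used when az is not installed.
    printf '%s\n' '{' '  "azure-cli": "2.53.0",' '  "azure-cli-core": "2.53.0"' '}' \
        | assess_azure_cli || echo "action: upgrade Azure CLI" >&2
fi
```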


We recommend installing the security patches as soon as possible.